Event ID - 31785

Port No: 31785
Service Name: HackATack.120
RFC Doc: 0
Protocol: TCP
Description: This backdoor malware allows a remote user to access an infected PC.
Reference Link: HackATack.120
Attack Solutions:

Follow this registry path and delete the entry, Explorer32 = %WinDir%\Expl32.EXE. %Windir% is usually the C:\Windows directory:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
Scan your system with Trend Micro antivirus and delete all files detected as BKDR_HACKTACK.B and the dropped file, "EXPL32.EXE". To do this, Trend Micro customers must download the latest pattern file and scan their system. Other users may use HouseCall, Trend Micro's free online virus scanner.

Details:

This backdoor malware consists of two parts, the client program and the server program. The server program allows a remote user to control the infected PC, while the client program, once executed, can log in to the server program and remotely control the PC.

This backdoor malware acts as the server program and drops the file "Expl32.EXE" at the Windows folder and then modifies the registry so that the dropped file is run every time Windows starts. The registry key "Explorer32" is added at:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Explorer32 = \Expl32.EXE.
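An added audit and clean-up script, not from the original page or from Trend Micro, that checks for the Run-key persistence entry and the dropped file described above. It takes the value name "Explorer32" and the file name "Expl32.EXE" from this page; checking HKCU's Run key as well is an assumption of the script, not something the page states. Without -Remove it only reports.

```powershell
# Audit (and optionally remove) the HackATack persistence described on this page.
# Added example; the HKCU check is an assumption beyond what the page states.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove
)

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',   # named on the page
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'    # assumption: per-user variant
)
$valueName = 'Explorer32'
$dropped   = Join-Path $env:WINDIR 'Expl32.EXE'             # page: %WinDir%\Expl32.EXE
$findings  = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }                # skip PowerShell metadata properties
        # Flag either the known value name or any Run entry whose data points at Expl32.EXE
        if ($p.Name -eq $valueName -or "$($p.Value)" -match '(?i)expl32\.exe') {
            $findings += [pscustomobject]@{ Key = $key; Name = $p.Name; Data = $p.Value }
        }
    }
}

if (Test-Path $dropped) {
    $findings += [pscustomobject]@{ Key = 'file'; Name = $dropped; Data = (Get-Item $dropped).Length }
}

if (-not $findings) { Write-Output 'No Explorer32 / Expl32.EXE indicators found.'; return }
$findings | Format-Table -AutoSize

if ($Remove) {
    foreach ($f in ($findings | Where-Object Key -ne 'file')) {
        if ($PSCmdlet.ShouldProcess("$($f.Key)\$($f.Name)", 'Remove-ItemProperty')) {
            Remove-ItemProperty -Path $f.Key -Name $f.Name
        }
    }
    # The page says the server runs in memory, so stop it before deleting its image.
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -and $_.Path -ieq $dropped } |
        Stop-Process -Force
    if ((Test-Path $dropped) -and $PSCmdlet.ShouldProcess($dropped, 'Remove-Item')) {
        Remove-Item -Path $dropped -Force
    }
}
```

Run it from an elevated PowerShell session; `-Remove -WhatIf` shows what would be deleted without touching anything.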

Once the file is loaded in memory, the process is invisible in the background. With this backdoor malware the remote user can perform any of the following on the infected computer:
Manipulate the CDROM drive
Make sounds at the speaker
View the victim’s monitor
Change the taskbar settings
Control the mouse of the victim
Send ICQ messages and emails
Steal the ICQ password
Browse using the default browser
Disconnect the victim from a Dial-Up
Shut down, reboot, power off, or log off the victim
Manipulate/Run files
Chat with the victim
